Re: [IPsec] My shepherd review of draft-ietf-ipsecme-ikev1-algo-to-historic
Paul Wouters <paul@nohats.ca> Fri, 10 June 2022 16:10 UTC
Return-Path: <paul@nohats.ca>
X-Original-To: ipsec@ietfa.amsl.com
Delivered-To: ipsec@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A3780C1A7F23; Fri, 10 Jun 2022 09:10:06 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.103
X-Spam-Level:
X-Spam-Status: No, score=-2.103 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_BLOCKED=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_NONE=0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=nohats.ca
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id VrVZUrtrtkae; Fri, 10 Jun 2022 09:10:02 -0700 (PDT)
Received: from mx.nohats.ca (mx.nohats.ca [193.110.157.85]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 01CEDC175066; Fri, 10 Jun 2022 09:09:25 -0700 (PDT)
Received: from localhost (localhost [IPv6:::1]) by mx.nohats.ca (Postfix) with ESMTP id 4LKQrg1Yy9zDdK; Fri, 10 Jun 2022 18:09:23 +0200 (CEST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=nohats.ca; s=default; t=1654877363; bh=dmmLH1ghEkbnW29HCpWB/6dA7dGDn8UwSJSOfTO5iL0=; h=Date:From:To:cc:Subject:In-Reply-To:References; b=ES+PsM9FfjiabtKZJ8zc477P2Wnx4/0PKT4NAvn7vDzXj6mRk38My3zSPmgLgoba0 pga6sYMJICcTtTMVCd0pmrGBtokdktD7jmuvlRNQg0nuVPwfNe9sP8JnyF68dc+CGC mq+b/Ndk5uKYC9xBGbEJ4L7GNlsdTaWcJogTjnA8=
X-Virus-Scanned: amavisd-new at mx.nohats.ca
Received: from mx.nohats.ca ([IPv6:::1]) by localhost (mx.nohats.ca [IPv6:::1]) (amavisd-new, port 10024) with ESMTP id DODJRABY78s3; Fri, 10 Jun 2022 18:09:22 +0200 (CEST)
Received: from bofh.nohats.ca (bofh.nohats.ca [193.110.157.194]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mx.nohats.ca (Postfix) with ESMTPS; Fri, 10 Jun 2022 18:09:22 +0200 (CEST)
Received: by bofh.nohats.ca (Postfix, from userid 1000) id 2CDD438B264; Fri, 10 Jun 2022 12:09:21 -0400 (EDT)
Received: from localhost (localhost [127.0.0.1]) by bofh.nohats.ca (Postfix) with ESMTP id 2816738B263; Fri, 10 Jun 2022 12:09:21 -0400 (EDT)
Date: Fri, 10 Jun 2022 12:09:21 -0400
From: Paul Wouters <paul@nohats.ca>
To: Tero Kivinen <kivinen@iki.fi>
cc: draft-ietf-ipsecme-ikev1-algo-to-historic@ietf.org, ipsec@ietf.org
In-Reply-To: <25247.21726.403824.139055@fireball.acr.fi>
Message-ID: <95994354-7bf5-62ab-6c56-7de711e24491@nohats.ca>
References: <25247.21726.403824.139055@fireball.acr.fi>
MIME-Version: 1.0
Content-Type: text/plain; format="flowed"; charset="US-ASCII"
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipsec/of7lDtTI6WIq_dWfBm9Z7nIgj2c>
Subject: Re: [IPsec] My shepherd review of draft-ietf-ipsecme-ikev1-algo-to-historic
X-BeenThere: ipsec@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Discussion of IPsec protocols <ipsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipsec>, <mailto:ipsec-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipsec/>
List-Post: <mailto:ipsec@ietf.org>
List-Help: <mailto:ipsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipsec>, <mailto:ipsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 10 Jun 2022 16:10:06 -0000
On Tue, 7 Jun 2022, Tero Kivinen wrote: > but the RFC8223 is completely unrelated to the matter in hand: > I assume it should be RFC8221 (i.e. replace the text in section 1 and > the reference). Yes, fixed. > This document says it updates 7296, 8221, and 8247. I am not > completely sure what it is supposed to update in RFC 7296? I can > somewhat understand that it supposedly updates 8221 and 8247 as it > changes the status of some cryptographic algorithms from MAY to > DEPRECATED, but I do not think there is anything in RFC7296 that is > really updated (not RFC8221, or 8247 do not update 7296). > > I.e., what changes do RFC 7296 implementations need to do based on > this document (knowing that RFC7296 didn't specify the mandatory to > implement algorithms in it)? > > Adding new status column to IANA is not updating the protocol. > > So I would remove the 7296 from the Updates list. Agreed, done. > In the section 1 there is text saying: > > IKEv1 has been moved to Historic status. > > I think it is supposed to say "This document moves IKEv1 to Historic > status". We used the text because RFCs do not make documents Historic, it is IESG actions. See our whatsapp msg exchange. > -- > > What about other related RFCs, like RFC2407 The Internet IP Security > Domain of Interpretation for ISAKMP, and RFC2408 Internet Security > Association and Key Management Protocol (ISAKMP)? > > Both of them are also obsoleted by the IKEv2, and are standard track > documents. I think we should move all of them to HISTORIC, i.e. change > section 3 to say "RFC 2407, RFC 2408, and RFC 2409 to Historic". Yes. Done. > > I think the Normative and Informal References split is not correct. > > For example I do not think any of the RFC2407-2409, or RFC4306 are > normative. > > I think the normative references section should just list RFC2119, > RFC8174, RFC8221 (replace 8223 wih this), and RFC8247. > > The IKEv1, and IKEv2 releated RFCs are not needed to be normative > references, as you do not need to read and understand to know they are > deprecated :-) Done :) > I.e., move RFC2407, 2408, 2409, 4306, 6407, 7296, 8784 to informative > references section. RFC7296 might also be in normative if it is kept > in the updates list... I removed 7296 from the updates: list. All changes are in -06. Paul
- [IPsec] My shepherd review of draft-ietf-ipsecme-… Tero Kivinen
- Re: [IPsec] My shepherd review of draft-ietf-ipse… Paul Wouters
- Re: [IPsec] My shepherd review of draft-ietf-ipse… Tero Kivinen